A Bitcoin Core addition called Opt-In Replace-By-Fee (Opt-in RBF) allows transactions to be flagged as replaceable and replaced until the transaction gets confirmed in the next block, according to Nasdaq. It gives wallets the chance to add a signal to a transaction that gives permission for nodes to update the transaction.
Opt-in RBF was part of the original bitcoin software but was removed due to denial of service problems. Opt-In RBF solves this problem by adding a higher fee for transaction replacement.
Opt-in RBF consists of a change to the network relay code and memory pool that gives wallets the option to add a signal to transactions giving permission for full nodes to update the specific transaction. The feature marks a variation of RBF, also included in Bitcoin Core. Bitcoin journalist Aaron Van Wirdum provided a summary of the cases for and against RBF in Bitcoin Magazine.
Bitcoin Core developer Peter Todd blogged that opt-in RBF wallets are not currently ready to deploy detection software for opt-in RBF transactions. Todd noted wallets that don’t have such software deployed leave users at a heightened risk of getting cheated by double spenders, particularly for zero-confirmation transactions. The existence of bitcoin wallets not being ready for deployment could lead users to believe the community should wait to integrate opt-in RBF.
Todd said the concern is valid if consumer and merchant wallets are capable of warning users about the possibility of double-spend efforts prior to opt-in RBF integration. If wallets can’t currently properly detect and warn users, scammers will not need to use opt-in RBF since they will have no problem using the existing system.
Todd tested existing security levels against double spend attacks of some popular wallets and posted the following findings.
• The wallets not only failed to warn users of the chance of a double spend. The majority did not warn users that a double spend occurred.
• Half of the wallets could get double spent by an attacker with very little technical sophistication with 100% success probability.
• The other half of the wallets could get double spent with around 25% success rate by an attacker with almost no technical sophistication.
Opt-in RBF will not increase user vulnerability to double spend since users are already vulnerable with most wallet providers until the blockchain confirms the transaction.
At the same time, merchant service platform executives like Jamie Robinson of AcceptBT, a payment processor, and Stephen Pair of BitPay have integrated RBF detection software to reduce zero confirmation risk.
Pair wrote in a Medium blog titled “In Support of Opt-in RBF” that BitPay was thrilled when it integrated Opt-in RBF. He said both the RBF and “first seen” behaviors are helpful mesh network features.
The “first seen” behavior will remain and existing infrastructure and wallets making use of “first seen” behavior won’t be impacted except for minor changes that are required to detect RBF transactions.
“This new functionality makes bitcoin itself more valuable,” Pair wrote.
Robinson noted he changed the AcceptBT user interface to account for opt-in RBF. If a transaction can double spend, a message displays notifying the merchant the transaction is not eligible for instant approval, and their merchant terminal displays a pending transaction.
Featured image from Shutterstock.